Mailinglist Archive: opensuse-virtual (17 mails)

< Previous Next >
Re: [opensuse-virtual] How to correctly configure mitigation of CVE-2018-3646 'Foreshadow-NG (VMM)' on Xen Dom0 host?
On 4/14/19 9:28 PM, Tony Su wrote:
You first need to provide source for your spectre-meltdown checker,

this is an Opensuse pkg, sourced from the Opensuse security repo,

https://build.opensuse.org/package/show/security/spectre-meltdown-checker

referenced re: Spectre mitigation, e.g., here:

https://lists.opensuse.org/opensuse-factory/2019-04/msg00169.html

It's my understanding that openSUSE installs microcode patches during
every bootup including Spectre and Meltdown mitigations.

It depends on kernel/hypervisor configuration & available/installed microcode

That's the point of my post -- the correct configuration.

only those processors can be patched "properly."

As mentioned, my CPU is

Intel(R) Xeon(R) CPU E3-1220 v3 @ 3.10GHz

Per intel's "microcode update guidance"


https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

the suite of Haswell Xeon v3 Processors, including:

E3-1220V3, E3-1225V3, E3-1230LV3, E3-1230V3, E3-1240V3, E3-1245V3,
E3-1270V3, E3-1275LV3, E3-1275V3, E3-1280V3, E3-1285LV3, E3-1285LV3, E3-1285V3
^^^^^^^^^

are supported in production updates, with the latest available firmware data
files @:


https://downloadcenter.intel.com/download/28087/Linux-Processor-Microcode-Data-File?product=75052)
--
To unsubscribe, e-mail: opensuse-virtual+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-virtual+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
References